← Back

CVE-2025-26526

nvd nist
Published: Feb 24, 2025Modified: Aug 8, 2025

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Exploitability: 3.9 / Impact: 2.5
Source: patrick@puiterwijk.org (Secondary)

Description

Separate Groups mode restrictions were not factored into permission checks before allowing viewing or deletion of responses in Feedback activities.

Affected (4)

Products: Moodle: Moodle
Moodle
1 product
Moodle
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Moodle
Moodle
From 4.1.0 to 4.1.16
Moodle
From 4.3.0 to 4.3.10
Moodle
From 4.4.0 to 4.4.6
Moodle
From 4.5.0 to 4.5.2

Related CWEs

CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

Source: patrick@puiterwijk.org
Patch
Source: patrick@puiterwijk.org
Vendor Advisory

Timeline

No history available yet.